Smart contracts are one of the most prominent highlights in the blockchain landscape. You can notice how smart contracts could leverage well-defined interfaces to interact with each other to conduct financial transactions. However, the trustless environment without any intermediaries can create opportunities for malicious actors. Hackers could exploit vulnerabilities such as integer overflow attacks to achieve financial profits.
Smart contract vulnerabilities have led to losses worth more than $7 billion as of now. Hackers can tap into smart contract vulnerabilities and expose sensitive information or steal valuable assets of users. Since smart contracts are a prominent aspect of web3, it is important to focus on problems like integer overflow and follow the best practices for resolving such issues.
Web3 is the next generation of the internet, which would offer a new approach to interacting with digital services. The answers to ‘What is integer overflow attack?’ are essential for planning the roadmap to web3 adoption. However, you can address the problems due to integer overflow only by understanding the vulnerability. Let us find out the fundamentals of integer overflow and how you can avoid the vulnerability for your smart contracts.
What is Integer Overflow?
The problems with smart contract security present the biggest challenges for large-scale adoption of web3 and blockchain. Integer overflow is one of the popular issues in the domain of smart contract security. The best way to understand an integer overflow attack example would be to understand the representation of numbers in computers.
Digital transformation is the need of the hour, and smart contracts serve a vital role in automation of the process for executing transactions and agreements. However, the vulnerabilities and risks associated with smart contracts could lead to problems with security and effectiveness. Integer overflow and underflow are the common vulnerabilities associated with smart contracts. What is the primary reason for such issues?
It is important to note that computers store data in the form of numbers or text. The same condition is applicable to the Ethereum Virtual Machine or EVM, which provides fixed-sized data types for specifying integers. The integer overflow smart contract vulnerability emerges from the fact that a specific integer variable could only represent a specific range of numbers.
For example, a uint8 data type for an integer could store numbers from 0 to 255. If you store an integer greater than 256, then the value of the uint8 will return 0. Without any precautions, malicious actors could exploit variables in Solidity for unchecked inputs. If calculations could generate numbers outside the range of a specific data type for storing the numbers, then you could encounter integer overflow issues.
Learn more about the critical vulnerabilities and security risks in smart contracts with the Smart Contracts Security Course
Reasons for Integer Overflow
Integer overflow is not a new vulnerability for smart contracts. The origins of integer overflow can be traced to the detail that majority of computer languages could work with integers only having a limited range. The integer overflow Solidity contracts can exhibit, in certain cases, points at the range of calculations.
When the calculations of a result are beyond the range of a specific data type, then the result would violate accuracy and common assumptions. For instance, addition of two large numbers could generate a small number. In some cases, you might have a multiplication of two positive values for generating a negative product.
Bugs like integer overflow are common instances for low-level languages such as C++ and C. In addition, factors like manual memory management, weak type safety, and lack of range checking could also exacerbate the impact of integer overflow. Such types of flaws could present the foundation for full remote-code execution exploits. The big problem right now is the expansion of a vulnerability class from low-level programming in a radically different environment.
Develop an in-depth understanding of Solidity concepts with the Solidity Fundamentals Course
Working of Integer Overflow
The most important highlight of integer overflow attacks is the working mechanism of the attacks. Overflow scenarios are common in scenarios where you have to transmit a large batch of values to different receivers. Integer overflows are common when you can compare the total value of user tokens to the total amount of funds in airdrops or while giving tokens to a user. In the event of overflow, algorithms have to compare the lower value of overflowed tokens to the complete token value. The algorithm would also ensure that users know that they have an adequate number of tokens for funding the transaction.
Let us assume that an account has 100 tokens, and you send 99 tokens as the cost of a purchase and 1 token as the tip. Therefore, the total amount of the transaction is 100 tokens. The amount would return to zero in a case when the integer could store only two digits. The integer overflow attack example could lead to issues when the statement could not be managed with secure mathematical techniques for sanitizing the output.
You can take an example of a ‘TimeLock’ contract, which allows you to deposit Ether. However, you would have to wait for at least one week before withdrawing the amount deposited in the contract. You can use a mapping known as ‘lockTime’ in the contract to define the time after which you can withdraw the amount deposited in the contract.
Upon depositing Ether into the contract, the smart contract would implement two tasks. First of all, it would update the balance, and then it would update the ‘lockTime’ parameter to one week. Therefore, the integer overflow smart contract example would restrict depositors from withdrawing Ether from the contract for at least one week. What would you do at the time of withdrawal? The ‘withdrawal’ function in the smart contract would check whether the user has deposited Ether in the contract.
The contract would check the balance mapping of the concerned address and ensure that it is greater than zero. Subsequently, the contract would check whether the current time has exceeded the ‘lockTime’. If users attempt to call the withdrawal function before one week, then it would fail the essential check for withdrawal. Such types of contracts are vulnerable to integer overflow attacks as malicious actors could assign a large number to the ‘lockTime’ variable in the contract. How can hackers attack the ‘TimeLock’ contract?
Steps for Compromising the TimeLock Contract
The following contract example has been used to prove the working mechanism of integer overflow.
contract TimeLock { mapping(address => uint) public balances; mapping(address => uint) public lockTime; function deposit() external payable { balances[msg.sender] += msg.value; lockTime[msg.sender] = now + 1 weeks; } function increaseLockTime(uint _secondsToIncrease) public { lockTime[msg.sender] += _secondsToIncrease; } function withdraw() public { require(balances[msg.sender] > 0); require(now > lockTime[msg.sender]); balances[msg.sender] = 0; msg.sender.transfer(balance); } }
The time-locking contract serves as a time vault. It could provide an explanation for “What is integer overflow attack?” by showcasing ways for compromising the overflow vulnerability. Assume that one of the users has to hand over their private key forcefully. In such cases, the ‘TimeLock’ contract can ensure that the Ether in their contract is not retrievable for at least one week. On the other hand, users who have more than 100 Ether in the contract and have to hand their keys to a hacker could be victims of an integer overflow attack.
Hackers could find out the current ‘lockTime’ parameter for the concerned address that they know. First of all, the attacker could call the ‘increaseLockTime’ function and pass a higher number for the ‘userLockTime.’ It would lead to the overflow and reset the lockTime to zero. Subsequently, the attacker could only call the withdraw function to steal their reward.
Build your identity as a certified blockchain & web3 expert with 101 Blockchains Blockchain & Web3 Certifications designed to provide enhanced career prospects.
What are the Other Scenarios for Integer Overflow?
You should not rely on only one example of the ‘TimeLock’ contract for understanding integer overflow. On the other hand, you must look for another integer overflow attack example that helps you identify other scenarios where you can expect integer overflow. One of the foremost examples of such scenarios would point to the presence of a function in the smart contract that does not look for integer underflow. In addition, you can also encounter integer overflow issues due to representation of an array’s length as an unsigned integer.
Another example of a scenario for higher possibilities of integer overflow points at a single transaction overflow. Single transaction overflows are the common highlights in situations where multiplication of two signed integers leads to an unsigned integer as the output. In some cases, you can encounter the integer overflow Solidity contracts can have due to an integer overflow bug. Such types of bugs in problematic code for different ERC-20 token contracts could allow a token holder to send tokens to different recipients.
Start your journey to become a smart contract developer with the Smart Contract Skill Path
What are the Popular Examples of Overflow Attacks?
The biggest highlight in a discussion about an integer overflow attack is the list of examples for the attack. It is important to learn about “What is integer overflow attack?” by referring to popular examples of overflow attacks. Here is an outline of some of the popular examples of smart contract exploits with overflow attacks.
The ‘BeautyChain’ contract is a popular example of an overflow attack on a smart contract when the attacker utilized the vulnerability to overcome security assessments. On the other hand, you should also know that the smart contract vulnerability led to the loss of a massive amount of native tokens.
The next important integer overflow attack example is the Proof of Weak Hands Coin. It is a type of Ponzi scheme on Ethereum, programmed in Solidity language. The smart contract developers did not observe the vulnerabilities for overflow or underflow and lost 866 ETH from the contract.
The example of Coinstar or CSTR also showcases another prominent reason why you should stay safe from integer overflow. You must know that the ‘mintToken’ function of the smart contract had an integer overflow vulnerability. The issue emerged from the vulnerability that could empower the smart contract for establishing the balance of random users to any value.
How Can You Detect Integer Overflow and What are the Challenges?
The foremost challenge with EVM is that it does not provide any notification for integer overflow. It is a common feature in multiple programming languages. You should know that overflow happens due to storage of values after transactions. The best way to identify the possibility of overflow is to rerun the transaction.
Arithmetic operations are also one of the most notable causes of integer overflow attacks, as addition or subtraction of two numbers could lead to the vulnerability. In addition, multiplication and exponent operations are directly related to addition, thereby leading to possibilities of overflow.
The data types for signed and unsigned integers are declared only in high-level programming languages. However, the same is not applicable to byte code level. Therefore, you could not find the Solidity source code, thereby creating difficulties for guessing the type of integers.
Best Practices for Resolving Overflow Risks
Smart contract developers could resolve the risks of integer overflow by following different methods, such as checking the compiler version. You can resolve the integer overflow smart contract vulnerability by using the SafeMath library or suitable data types for detecting overflows. The SafeMath library provides insights on preconditions and post-conditions for determining the possibility of an overflow. In the event of an error, the SafeMath library could result in transaction failure and revert the updates in transaction status.
Another trusted best practice for avoiding the integer overflow attack is to keep your code updated regularly without potential vulnerabilities. Developers should also check that the Solidity compiler version must be 0.8 or higher. The higher compiler versions ensure that the preventive code of SafeMath library is integrated into the compiled code.
Start your journey to becoming an expert in Web3 security with the guidance of industry experts with Web3 Security Expert Career Path
Bottom Line
The introduction to integer overflow attacks shows that smart contract security risks can emerge from trivial vulnerabilities. Integer overflow is evident in scenarios where the results of the calculation could exceed the range of specified data type. The example of ‘TimeLock’ contract and the simplicity of implementing the overflow attack show that anyone could exploit smart contracts. You should understand the different types of scenarios that could lead to integer overflow for fighting against the vulnerability. Learn more about other smart contract vulnerabilities and how they affect web3 adoption now.
